Addition:
Sometimes I can login but when I try to navigate in administration then Joomla kicks me out

Same happens to me.

The strange thing is that I can enter a lifetime of 52560000 and all seems to work but not with 15000000.

Probably the input is somewhere cut to a smaller integer. So if the value get big enough on the lower int the session time get usable again

If you are setting your lifetime to stupid values then what do you expect.

No reasonable well written web app needs a lifetime of 15000000!!!

If you want to persist a user session for a long time then there are better ways of doing it!

PHP 7.1 has made some major session changes, maybe this is a bug in PHP 7.1 - its surely not a Joomla bug...

In field lifetime it's possible to enter high values. This shoudn't be possible then. It's not obvious for users that they will be locked out from administration if they set some values.

its surely not a Joomla bug, maybe this is a bug in PHP 7.1...

Same strange problem with PHP 5.6
52.560.000 works (~100 years).
15.000.000 not (~25 years).

Quite frankly Joomla cannot be held responsible for idiots setting a 25 year session lifetime!

Ok I can replicate this and have found the root cause being the time column in the #__session table being a VARCHAR(14) ... fml...

After changing this to a int(11) with a session lifetime in configuration.php as 15000000 the session issue goes away.

After changing this to a bigint(20) with a session lifetime in configuration.php as 15000000 the session issue goes away.

I have only tested MySQL database storage - I have no mssql/etc setups.

Please test. Then we can ask someone like @mbabker if this even needs addressing, and if so which column type is best (for MySQL)

Sorry for inputting stupid values. I was not interested in the dimension, I just wanted to stay longer online and vaguely remembered value 15000. As i was not sure i remember it right i thought just add some zeros than it will stay longer ...
May be a sanitize of the input may be the right solution
Thanks for your patience and effort

Please test. Then we can ask someone like @mbabker if this even needs addressing, and if so which column type is best (for MySQL)

We may leave the database as it is. We just have to check if the value is to big. Then use biggest possible value.
Where would be the place to check the input ?

What about just setting max value of: 1500000 in the lifetime field. Quick simple, and no one should need anything bigger than this?

/administrator/components/com_config/model/form/application.xml

Do you know what the maximum is? Won't it be dependant on the server?

On 20 Mar 2017 9:57 a.m., "Tony Partridge" notifications@github.com wrote:

What about just setting max value of: 1500000 in the lifetime field. Quick
simple, and no one should need anything bigger than this?

/administrator/components/com_config/model/form/application.xml

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#13933 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABPH8TcoYYh9TBNXh_RkDlE2IrFE_EgWks5rnk17gaJpZM4L3fv_
.

@brianteeman of course I don't. I am just proposing to set a Joomla! maximum, what we think as a CMS is right. We suggest 15 minutes. You shouldn't need a session to be bigger than 60minutes in reality.

I am just suggesting we look at setting a max limit, or hey just change the column.

@PhilETaylor commented on Feb 11 : root cause being the time column in the #__session table being a VARCHAR(14) ...
2^14 = 16384 is the max the variable can hold. I don't know where the user input should be checked for a too big value to suggest a proper solution.
When the column was designed the designer did think about a useful value probably. If you have a local developer website you don't want to login on the next day. In a book was recommended to set this value to 1500.
My recommendation is to cut every value above 16384 and set it to 16383. This solution has no side effects as values below 16384 behave like before. Thats why i recommend it

@ThomasFinnern

Great so I suggest we set it to 16383 as a max value on input. Which we can do with a single file change

@tonypartridge can you make a PR?

Closed as we have a PR #17609

Maybe there is someone who can test the session improvements at #19708 for mysql. After database column time will be changed to an integer, joomla should work better.